GDPR and information to users

Hi everyone! I guess many of you are currently thinking about implications for your Blackboard instance in relation to GDPR. We have been in contact with Blackboard regarding userdata and asked for clarification about a) For how long the data stored (logs, mobile carriers etc..) b) who has access to the data (including third party vendors) c) For what purpose the data is collected.

Unfortunately we have not received any response yet so I'm curious how you have approached this issue and how you information you provide to your users. This is what we've got for now but we plan to provide more details. What's your approach?

Thanks for the response. We have been in contact with Stephan a few times and asked for clarification. We have also participated in webinars regarding GDPR. I would be interested in examples of similar information you provide to your users as in the link i posted earlier Personuppgifter - Högskolan Dalarna

As I read it, the "similar information" comment refers to the different ways your mobile device identify your current location as it is specified in the parenthesis just after. Its not always the GPS working, but could be certain public wifi´s or triangulation of mobile masts etc that ends up in an estimate of location (usually a region or a certain place as its not as specific as GPS coordinates and would fit under "similar information"). As android and iOS-devices works differently to make an estimate of location, its more important to say "we collect the location data" instead of specify on how your mobile figure out your position.

Hi Marcus. Your request was unfortunately stuck in my review queue. My sincere apologies. It has been a rather busy few months. Not an excuse, but maybe an explanation. I will send you the information via email later today and feel free to share it with the other Scandinavian User Group members.

We are also very close to publishing our new Privacy Policy/Statement which will provide much better information in terms of how we use personal information on behalf of institutions for our various products and better explain our role as a data processor vis-a-vis our clients as the data controller. We also tried to make the language much simpler.